diff options
| author | Daniel Forrest <dan.forrest@ssec.wisc.edu> | 2014-12-02 15:59:42 -0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2014-12-16 09:34:26 -0800 |
| commit | 867dc3a68f2c888e4c1a9110bc71e35f369bd05b (patch) | |
| tree | c8022ec07d0463f4e22e93ea557496b2a3c296fb /mm/mmap.c | |
| parent | f7c6aba54aad614d0440762053f6f316559b8e54 (diff) | |
| download | lwn-867dc3a68f2c888e4c1a9110bc71e35f369bd05b.tar.gz lwn-867dc3a68f2c888e4c1a9110bc71e35f369bd05b.zip | |
mm: fix anon_vma_clone() error treatment
commit c4ea95d7cd08d9ffd7fa75e6c5e0332d596dd11e upstream.
Andrew Morton noticed that the error return from anon_vma_clone() was
being dropped and replaced with -ENOMEM (which is not itself a bug
because the only error return value from anon_vma_clone() is -ENOMEM).
I did an audit of callers of anon_vma_clone() and discovered an actual
bug where the error return was being lost. In __split_vma(), between
Linux 3.11 and 3.12 the code was changed so the err variable is used
before the call to anon_vma_clone() and the default initial value of
-ENOMEM is overwritten. So a failure of anon_vma_clone() will return
success since err at this point is now zero.
Below is a patch which fixes this bug and also propagates the error
return value from anon_vma_clone() in all cases.
Fixes: ef0855d334e1 ("mm: mempolicy: turn vma_set_policy() into vma_dup_policy()")
Signed-off-by: Daniel Forrest <dan.forrest@ssec.wisc.edu>
Reviewed-by: Michal Hocko <mhocko@suse.cz>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Tim Hartrick <tim@edgecast.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Michel Lespinasse <walken@google.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'mm/mmap.c')
| -rw-r--r-- | mm/mmap.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/mm/mmap.c b/mm/mmap.c index dfe90657a6db..b91ac800d7b7 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -745,8 +745,11 @@ again: remove_next = 1 + (end > next->vm_end); * shrinking vma had, to cover any anon pages imported. */ if (exporter && exporter->anon_vma && !importer->anon_vma) { - if (anon_vma_clone(importer, exporter)) - return -ENOMEM; + int error; + + error = anon_vma_clone(importer, exporter); + if (error) + return error; importer->anon_vma = exporter->anon_vma; } } @@ -2428,7 +2431,8 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, if (err) goto out_free_vma; - if (anon_vma_clone(new, vma)) + err = anon_vma_clone(new, vma); + if (err) goto out_free_mpol; if (new->vm_file) |